Unix Notes
(Commands and Options you should know)
To know a Unix system, you must explore it's installed programs & filesystem
(often much is installed, many users bang away at it and some software no longer works
so it's easier to learn what's important on a simpler, smaller 1-user install ie Linux)
"unix philosophy: lot of little tools, each doing 1 job very well,
can be chained [or rather, 'piped'] together in an infinite number of
combinations in order to automate any task."
Echoes all commands on your path:
tab,tab at a blank prompt (bash)
OR ls `echo $path` | sort (csh)
OR /bin/ls `echo $PATH | tr : \ ` | sort
OR /bin/ls `echo $PATH | sed 's/:/ /g'` | sort
[man -k intro] # SunOS documentation
File/Disk Manipulation:
cd
ls -AF --colour [-lrt] [-1] [-l|-lu|-lc] pwd ($PWD)
cmu: create, modify, use timestamps (aka a=access)
ls -lc: not really creation time, actually inode change time
mv: doesn't alter cmu
cp: alters u of src, mc of dest
ln: alters cmu of link, none of src
links: get u updated on each deref/symbolic-lookup
chmod/chgrp/chown gzip+gunzip: alters c
tar/untar: alters cu to time of unarc (of dest, alters nothing of src)
vi/cat: alters u
vi-save: alters cmu
touch: alters c to now, mu to now/whatever-specified
cp [-r] [-dpRx|-ax] [-l|-s] [-u] rcp
mv
rm [-r]
rmdir mkdir [-p] (-p makes any needed parent dirs)
pico|vi|emacs [file]
ln -s
ln src/* src/.* dest/ (make dest/ contain links to everything in src/)
unused files: ls -lu[r]t run util, find util/ -amin +1 | xargs rm
find [condition-args] [2>/dev/null]
locate(updatedb) [glimpse - like locate but for file contents]
(see findnotes, find is powerful)
xargs [-i{}] [-n1] [-l1] cmd # runs "cmd " for each line in input (brilliant, use w/find)
# Warning: don't use -i with -n or -l (-i turns -n on automatically?)
# Note: xargs is just for convenience, for complex stuff, use awk|sh eg awk '{print "echo $0; grep $0 file"}' | sh
eg find . -print0 | xargs -0 grep foo # search all files rec down from curdir for "foo"
(trick to force nulls: perl -pe 's/\n/\0/' | xargs -0)
cat -vet # shows nulls/tabs/LF/CR
strings
echo ABCD | od -t a # output: 0000000 A B C D nl
echo ABCD | od -t dC # output: 0000000 65 66 67 68 10
od -t x2 HelloWorld.class # CAFEBABE (hex)
od -t u HelloWorld.class # Unsigned words(2b)
od -t u2 HelloWorld.class # Unsigned bytes(1b)
[bpe] # hex-ed/patcher (linux)
[biew vche khexdit ghex] # hex ed's
chmod [-R] ugo +/- rwx # Common: 755 644 711 777
chmod u=g * [stat -- like ls -l]
file perms: sticky=text-mem is saved, fast startup after the first run
dir perms: rx=list, x=access-no-list, w+sticky=/tmp -- write but not to other users' files
chown user[.group] chgrp
chroot new_root_path [command] # use a new root dir
chroot /mnt /bin/bash # Run bash using mnt as root (eg mnt is a glibc install, bootdisk isn't)
pushd ~; ...; popd # goes to homedir, then later returns (dirs -l displays dir-stack)
tar <-tvf|-cvf|-xvf> arc.tar [files...]
gzip [-9] file.txt (becomes file.txt.gz, file.txt gone) gunzip file.txt.gz
gzip -dc arc.tgz | tar -xvvof - tar -cvf - dir | gzip -9 >arc.tgz
tar -uvf arc.tar dir zip -ru arc.zip dir # Update (only newer files) from File System
tar -t[v]f file.tar tar -df file.tar # view/diff-with-file-system
tar -xzvf - arc.tgz tar -czvf - dir # tar's "z" option replaces gzip
gzip -dc arc.tgz | tar -t[v] tar -tzvf - arc.tgz #ls contents
tar cf - . | zip a - == tar cf - . | zip >a.zip # tar&zip
unzip -p a.zip | tar xvf - . # unzip&untar
zip -r a.zip a/ # zip dir recursively
zip a.zip *.c # zip files
find . | zip a.zip -@ # zip files from a find
unzip -l f.zip # list archive contents
unzip f.zip # unzip archive
.gz:gzip(better than compress?) .Z:compress
zless zmore zdiff zcmp gzexe(compress exe, unarcs on run)
pax(Posix cpio/tar/other, portable archive interchange)
bzip2(better than gzip)
# cpio(kinda like tar)
find . | cpio -o >../arc.cpio
cat ../arc.cpio | cpio -itv # list contents of cpio
cat ../arc.cpio | cpio -iumd # unarc (just -i works in simple cases)
Note about tar (and unarcing "packages" from root eg converted rpms)
-k: keep overwritten file's ownership, doesn't make /etc /usr /bin RO if the arc says to!
-p: preserve permissions (default is some screwed up heuristic??)
Would you like to have the tar-gz not overwrite /etc /usr ownership? TOO BAD!!
file
which(where,whence)
whereis # find the binary/exe, src, man-pages
what # exe's ident
eg:char *ident="Version: @(#)/etc/hosts.allow 1.00 05/28/93" <<< gnu supports #ident directive
man -k apropos whatis # keyword, simple help
makewhatis(run like updatedb) files: /whatis
man | less # now search highlights matches Tip: "/^ *foo" finds foo, first thing on the line
manual man: echo $MANPATH | tr : \\n | xargs -i find {} -name ld\* [-maxdepth 1]
man filters: nroff -man groff -Tascii -mandoc
Sun: ... | tbl | eqn | nroff -u0 -Tlp -man - | col -x
Linux: cat /usr/man/man1/chattr.1.gz | gzip -dc | /usr/bin/gtbl | /usr/bin/groff -S -Tascii -mandoc | less
man -f # lists filenames/sections of
manual man -f: echo $MANPATH | tr : \\n | xargs -i grep -i '^ls ' {}/whatis # whatis or try windex
touch [-t [[CC]YY]MMDDhhmm[.SS]] [-r ]
cksum[/md5sum][/sum]
mdir mcopy mcd mdel [eject] # dos formatted floppy commands
fdformat -n /dev/fd0u1440 # low level format
mformat A: # Add msdos fs to low-level formatted disk (like dos format /q a:)
mke2fs /dev/fd0 # Add ext2 fs to low-level formatted disk
df [-k] [.]
du -s * du -s . du -x / >du_all
dd if= of= [count=#] [bs=#] [skip=#] [seek=#] # skip/ibs seek/obs
mount [[-t vfat|ext2|iso9660] eg mount /dev/hda1 /c
fsck|e2fsck|fsck.ext2
mke2fs,mk*fs fdisk(*cfdisk sfdisk) fdformat format superformat
badblocks /dev/fd0H1440 1440 > bad-blocks
fsck -t ext2 -l bad-blocks /dev/fd0H1440
lpr lpq lprm lp lpstat cancel lpset lpget # printing
a2ps # ie cat f.ps | a2ps | lpq
(try apropos ps) enscript pstext psbook psnup ps2ps ps*
pbmtext p?m* fix* (ex fixwfwps WordForWindows)
NFS: rpcinfo -p showmount -e nfsstat? rpcclient?
(NFS progs: /usr/sbin/portmap /usr/sbin/rpc.mountd /usr/sbin/rpc.nfsd)
tripwire/aide: makes listing(name/date/size/cksum/...) of filesystem
(later checks tell altered files = brilliant security measure, similar brilliancy to backups)
(beware of a much-changing filesystem eg power Linux user eg homedirs of many people)
cksum /etc/* /sbin/* /bin/* >corefiles.cksum
cksum many_files | cksum - # generate a cksum of cksums
[quota [-v]]
mc # Midnight Commander (like Norton Commander -- 2-panel text-mode file move/copy/etc util)
Text Manipulation:
grep awk sed tr perl
[states] # like awk but with states (eg for highlighting)
perl -de0 (debug mode, allows interactive input/execution)
cat|perl - (reads perl code^Dreads input^D)
perl -pi'' -e 's/foo/bar/g' * Search&Replace on files
find . -name '*.bak' -print0 | perl -n0e unlink #rm's .bak files
grep [-l|-n|-c|-r] pat files (filenames,line#s,counts,recurse)
# '-v'=not '-e'=or(sort of) '-f '=patterns 1 per line from file
# context option(also shows nearby lines): -# or -C[#] eg grep -2 foo
* In grep: ^ $ . * \( \) [ \{ \} \ \+ \| $ (may need \$ in shell) (glob-likes are unslashed)
* In egrep: | ^ $ . * + ? ( ) [ { } \
vi/sed: ^ $ . * \( \) [ \ \< \>
[:alpha:] Any alphabetic character [:lower:] Any lowercase character
[:upper:] Any uppercase character [:digit:] Any digit
[:alnum:] Any alphanumeric character (alphabetic or digit)
[:space:] Any white space character (space, tab, vertical tab)
[:graph:] Any printable character, except space
[:print:] Any printable character, including the space
[:punct:] Any punctuation (i.e., a printable character that is not white space or alphanumeric)
[:cntrl:] Any nonprintable character
eg fgrep -e cat -e dog # '-e' means 'or'
paste (in columns)
tr [:cntrl:] [.*] # dump a binary file (removing unprintable ctrl chars)
tee (send output to both stdout and to a file)
uniq [-c] (remove duplicate lines)
wc [-l|-c|-w] [files] (word count)
fmt [-u|-t] (word wraps text, may need a sed 's/ *//' before it to erase indent, -u=respace, -t=dif-para-logic)
fold [-s] # splits long lines (80 chars, -s=split at word-boundary)
tput (termcap function, see "man terminfo" eg lines,cols,clear; also "man console_codes")
[un]expand tabs>spaces or vice versa (using tab-stop logic)
[column -t (forces data into a table)]
cut <-c3-5,7-9|-f1,3> [-d delim]
match/remove char-columns: awk 'substr($0,n,1)=="c"' colrm [colFrom [colTo]]
sort -brnf -t ":" +2.3 # ignore blanks, reverse, interpret as decimal number, ignore case, field 2, char 3
tac # reverse lines
rev # reverse chars on each line
[tsort (topological sort?)]
tail [-f] [-c [+]N | <+|->N] head <-n|-c> N
split join csplit(regexs)
split -b 1457664 backup.tar.gz myfiles.
csplit -k gdb.out "/(gdb)/" "{999}"
dirname basename name [suffix]
nl [-ba] # Number Lines, like 'cat -n'
sed -e 's/foo/bar/g;s/bar/foo/g'
sed -n 's/foo/bar/gp' # -n=noPrint(print only matched lines?), p=print
sed -e '/junk/d' # delete
diff patch diff3 comm cmp [splat replace (rare search&replace utils)]
diff [-c|u] [-d] [-s] [-q] [-p] file1 file2
diff [-r] dir1 dir2
[filemerge (nice X-based merge util)]
uuencode uudecode [mimencode/mmencode, replaces uu*code]
[des] # des encrypt
less more # v=vi /,?=search q=quit rtn/space=scroll b=back #d=skip # lines(goto) less: gGm'
-N -n : line numbering hotkey in less (on/off) left/right shift the document too :<#lines>
script (logs this tty, like "$SHELL | tee log")
[cryptdir] [crypt] (encrypts a file, breakable by an expert, use PGP instead)
[ssleay] # Encrypt/Decrypt (blowfish des_ede3 rc2 rc4)
gettext [domain]
# SunOS CLI formatted-input commands: (ck*)
ckyorn(Y/N) ckpath ckdate cktime ckuid ckgid ckint ckrange(eg2-6) ckstr
item=`ckitem -f menu_list` # choose a number from a numbered menu
FMLI: Form and Menu Language Interpreter # SunOS script lang
$COLUMNS, $LINES (automatic shell vars for screen size)
==/=, !=: string csh/sh(test), numeric perl
>, <=..: numeric csh/perl
eq gt..: string perl
-eq -gt..: numeric sh(test)
test: -f file -d dir -r|-w|-x file|dir -a=and,-o=or
# Why "a$VAR = a" sh-scripting convention exists:
[ $FOO = "" ] # fails (under old sh)
[ $FOO = "FOO" ] # fails when FOO=""
[ a$FOO = a ] # works
About users:
w uptime who ps users top [pstree]
[ico (X gfx demo for speed comparison)]
id uname [-a] tty hostname $LOGNAME $SHELL logname whoami [$USER]
env # displays environment
env -i [command] # runs command with no env
unset `env | sed 's/=.*//'` # clears bash env
env >env.mar30.FooCompEnv
source env.mar30.FooCompEnv # fails if any var-values contain spaces/$/!
# To handle spaces/weird-chars: (do either one)
env | sed -e 's/=\(.*\)$/="\1"/' >env; source env
env >env; eval `sed -e 's/=\(.*\)$/="\1"/' [login] # Switch to another account (see /etc/suauth)
[sudo] # just like su only it "remembers the password" for you for a short while
passwd
chsh
ch*
[mkpasswd]
ps -ef, ps auwx, ps cx
ps -e[f]H, ps -eHo "%P %U %y %c %a", ps -a, ps -efH | fgrep -v -e \? -e getty
[pstree]
last [-50] [username] # last logins to the computer
lastlog # last login by each person to the computer
rwho rusers ruptime rup
yppasswd ypmatch ypcat [-x|uid passwd]
Client/Server: ypbind Server: ypinit -m ypmake ypserv
vmstat dmesg procinfo(linux) iostat(SR5) [pstat] [mpstat]
[free] # Linux mem info
[sag] # (SR5) system activity graph
[sar] # (SR5)system activity reporter
kill -<0|1=HUP|2=INT|9=KILL> # 0=pid used? 15=TERM=default
kill -9 -1 # kill all but current pid
ldapsearch [-L] -h `findDSA` [-b "o=*"] "(cn=Jo*)"
# `findDSA` should return the local LDAP server
# (look for this in a LDAP-enabled mail client)
# -b has a default, otherwise choose all
# -L should be the default
# cn (Company Name) is a common field
# use "Jo*" rather than "*" to get only a few records
# (we only need 1 to read off the available field names)
# (& a b c (| d e f)) o=Co,cn=Name
ldapmodify
Development:
gcc -c -o -g(gdb) -pg(gprof) -Wall -Idir -Ldir -larg(libarg.a)
-S(assem)
-E(preproc): -H(shows includes) -dM -d(D|N) (shows defines) -C(keep comments) -P(no #line's)
-MM[D](gen makeline)
-shared(-G) -O# (0-3, optimize)
--verbose (-v? to show gcc/collect2/etc actually does eg libraries linked to, actual objects linked to)
-static (ld -B static) (ld -no_so) (cc -non_shared) (gcc -mno-shared-libs) # uses static libraries
-d* (eg -da all, -dm dump mem stats at end)
-Bcompiler_dir (for cpp/cc1/cc1plus/as/ld)
gcc -print-file-name=libc.a
gcc -print-prog-name=cpp
Neat Info on what g++ calls/does: g++ --verbose
Compile(g++): cpp; cc1plus; as
Link(g++): collect2; ld
Neat Info on Linking(lib search): collect2/ld --verbose
gcc dirs/files: (from end of man page)
TMPDIR/cc* temporary files
LIBDIR/cpp preprocessor
LIBDIR/cc1plus compiler
LIBDIR/collect linker front end needed on some machines
LIBDIR/libgcc.a GCC subroutine library
/lib/crt[01n].o start-up routine
LIBDIR/ccrt0 additional start-up routine for C++
/lib/libc.a standard C library, see intro(3)
/usr/include standard directory for #include files
LIBDIR/include standard gcc directory for #include files
LIBDIR/g++-include additional g++ directory for #include
LIBDIR is usually /usr/local/lib/machine/version. (see g++ -v)
TMPDIR from env var TMPDIR (default /usr/tmp if available, else /tmp).
cc(standard unix c compiler) gcc make g++ CC(HP)
ar cr l.a *.o (create a static library) [ranlib l.a]
ar ruv l.a *.o (update a static library)
ar tv l.a (list archive contents or try objdump -a l.a)
ar x l.a [files] (extract files from an archive)
ld -r a.o b.o -o c.o # 2 objects become one
ld -L (erase default lib dirs) -Ldir (add lib dir) -lname (looks for libname.(so|a) ) *.o -o a.out
(ld: -c linker-command-language-file)
make [-dn|-pn] (see make_notes)
flex(lex)(Lexical Analyzer) bison(yacc)(Yet another compiler compiler)
ldd (show deps)
ldconfig [-p] (updates lib-path-cache)
nm [-A|-C|u|g] (shows symbols) strings | grep lib(shows deps)
nm object.o | c++filt # c++filt [symbol] demangles symbol names (like nm -C)
objdump -s|x|i|d|t|... [elfdump]
# s=hexdump, Sr=hexdump w/relocs, x=headers, t=symtable, R=dyn relocs, r=static relocs
# converts objdump symbol-info into format: "size-in-decimal symbol-name"
# (useful for adding up the size of all methods in a certain class)
objdump -tC file.o | perl -ne 's/.{18}\S+\s+([0-9a-f]+) (.*)/print hex($1)." $2\n"/e' | grep -v ^0
# shows functions in an object: (from assembly code)
cat file.s | c++filt | grep ':$' | grep -v '^\.' | cut -b -79 | less
objdump --disassemble file.o less file.s # view assembly
# 3 stats for an object: ls -l f.o, size f.o, size-sum-of-symbols(from nm/objdump)
# ls-l includes the symbol table ie 30%-100% size increase, size ~ size-sum
ls -l file.o;size file.o;nm file.o (gnu doesn't show size, try objdump -t);objdump --disassemble file.o
readelf [-a|-d] # a=all d=dynam
strip (removes symbol junk)
size # shows size of text,data,bss sections
time [args] # time a command (user+sys+wall time)
[timex] # similar to time
gdb [a.out [core]] # excellent cli debugger
[ddd] # excellent debug gui
(What cores are for: gdb a.out corebt)
./configure, make, make install (standard installation proc)
[dis ] # disassembler
[mkstr] # SunOS, processes C files, extracts error("..."), writes a error-file
# and replaces the error-call with error(file_offset) for lseek-ing
strace(|truss|ltrace) [args] # display system calls called by a command
"LD_DEBUG=all ls" # shows dyn-linking (also files, symbols)
eg truss -t1 -tread,write -u libFoo -u '!libc'
eg truss -topen,close
eg strace -ff -v -x -a 40
[pstack] # prints the stack of a running process
ptrace #command debuggers are based on (see PTRACE_SINGLESTEP)
BFD,elf can be used to examine exe's (http://www.eccentrica.org/Mammon/tales/LinuxTale2.txt)
[f77] # Fortran (see also lapack for linear algebra)
-- [cvs (login get update commit add remove) $CVSROOT]
export CVSROOT=":pserver:joe@server.com:/var/cvs"
cvs login # stores password and CVSROOT in ~/.cvspass until logout
cvs [-z3] get # grabs a copy of everything
cvs update [-PAd] # updates your copy from the repository
cvs commit -m 'Message saying what you changed.'
cvs add filename # after creating file
cvs remove filename # after removing file
cvs add -d dir # after creating dir
cvs log
cvs history -f -c -a
cvs diff -r1.0 -r 1.1
cvs diff -D '24 hours ago' # doesn't work right?
# Reverting to an older version:
# (you make want to do a diff/rdiff first w/o patching directly)
cvs rdiff -r1.123 -r 1.124 c415 | patch -R
--
[ctags(esp vi/emacs lookups) [c]xref cproto cross cscope cprint] [ixfw xscope]
# etags/ctags *.[chi]* tags-search, tags-query-replace, M-','(tags-loop-continue), tags-query-replace or C-] (C-T back) for vi
[calls] # parses c-code, shows call-tree, variables
[cflow [-ix|-r]] # shows func call graph by interpreting source-file+includes
[ctrace foo.c >tmp.c;cc tmp.c] # adds trace statements to source` (sun command)
indent -di1 -d0 -nfc1 -br -kr -i8 -l80 -lc80
http://www.xs4all.nl/~carlo17/indent/indent.html#IDX21
[pstruct c2ph] filters stabs-info into structs+struct-alignment in c/perl
gcc -gstabs -S t.c; cat t.s |
cxref example:
a.c
1 main()
2 {
3 int i;
4 extern char c;
5
6 i=65;
7 c=(char)i;
8 }
NAME FILE FUNCTION LINE
c a.c --- 4- 7=
i a.c main 3* 6= 7
main a.c --- 2*
cscope example: "cscope *.[chi]*"
Find this C symbol: printf
Find this global definition:
Find functions called by this function:
Find functions calling this function:
Find this text string:
Change this text string:
Find this egrep pattern:
Find this file:
Find files #including this file:
Network:
nc(nc -v[vr]zw 1 , 21-23, 79-80, 111auth, 139smb, 513rsh, 517nfs) (7-139, 6000-6010x-redir)
nmap (portscan) -sT -sS -sF -sX -sN -sU -I
echo QUIT | nc -v -w 5 target 20-250 500-600 5990-7000 # shows initial output from each port
traceroute ping arp
ifconfig, ifconfig eth0 172.16.0.1 netmask 255.255.255.0 broadcast 172.16.0.255
ifstatus
netstat -t[e][a] (connections) -s (summary) -M (masq) -r[n] (routing) -i (devs) -a[n] (all sockets) -l (listening servers)
route -n, route [add] [default]
ipmask # tells you network/broadcast address
tcpdump
netwatch
ftp bin hash prompt mget/mput * lcd !ls !mkdir quit pipes+get/put(send+arc/retr+dearc)
put "|tar -cf - dir|gzip" dir.tgz get dir.tgz "|gzip -dc|tar -xvf -"
ssh/ssh1/ssh2
ssh public-private-key-auth: (.shosts/.rhosts/hosts.equiv are used in addition to this)
ssh-keygen2 -P; echo "idkey id_dsa_1024_" >.ssh2/identification
scp2 ~/.ssh2/id_dsa_1024_.pub server_machine:.ssh2/
ssh2 server_machine 'echo "key id_dsa_1024_.pub" >~/.ssh2/authorization'
telnet
rlogin
rsh (remsh, xrsh)
.rhosts (or /etc/hosts.equiv) # (insecure to ip-spoofing, allows rlogins w/o password from certain machines)
host uid # or just "host" for /etc/hosts.equiv
eg copy-recurse between machines: find | cpio -o | rsh cd ";" cpio -iumd
uucp (Unix to Unix copy, sort of like rcp or ftp, old command)
mesg write user [tty] talk user[@dest] finger [user]@host.com
mailx [-s Subject] user@host.com (mail retrieval: reads from mail svr, sends to localhost MTA--smtp:25)
[fetchmailconf (X cfg util)] ~/.fetchmailrc: user, pass, forcecr(qmail)
[mconnect ] # like 'telnet 25' (sendmail) cmds: /etc/mail/sendmail.hf
[from] # Display newly arrived mail (SunOS?)
lynx pine tin [elm nn]
slrn [-n -C] # nice color news reader (esc1enter=showRead,l=toggleReadGroups,f,P,q,Q,?,Agroupname,LsearchBroken?)
[ftpwho ftpcount ftpshut] # wu ftpd commands (Linux)
pppd /dev/tty0 mru 1500 mtu 1500 defaultroute asyncmap FFFFFF
# smbclient connects to Samba/NetworkNeighborhood Shares:
# Don't forget "-W ntdomain" to authenticate to the NT domain for NT machines
# (a workgroup is not a domain and "-W workgroup" should not help)
# ("Access denied." Error)
smbclient -L ServerName [-I ip] [-N] [-W ntdomain]
smbclient //ServerName/ShareName [-I ip] [-N] [-U pcguest]
smbclient -M User
smbstatus testparm smbd/nmdb (mps mbd) /etc/smb.conf
smbmount //ServerName/ShareName /mnt ...(smbclient options)
smbclient -L machinename -I machineip -U 'cyallop' -W ntdomain
nmblookup (similar to nbtstat for dos)
note: 00=hostname, 03=username, 20=sharing is on
name>ip: (name = netbios-name = NetNeighborhoodName)
nmblookup [-B broadcast]
ip>name:
nmblookup [-B broadcast] -A
server-list:
nmblookup [-B broadcast] -SM - (master browser) smbclient [-I ] -L [-N]
or
nmblookup \* # then for each ip: nmblookup -A
or
nmap -p 139 172.16.1.\* # then for each ip: nmblookup -A
(this is the most reliable way, finds "hidden" no-lm-announce servers)
(Windows boxes using only ipx-netbios won't be seen with nmblookup/nmap/smbclient)
# nmblookup-broadcast was .05s, nmap A.B.C.\* was 9.65s (nmap 1.51)
The nmap/nmb ip-lists are similar. When 2 nmb's are done, one immediately
following the other, their lists are a bit different. I suspect this is
true for nmap as well. (10s latency makes it harder to test)
(I can see why Windows remembers machines from previous attempts.)
# smbls:
# Pipes 'nmblookup \*' IPs through 'nmblookup -A' so names are reported:
nmblookup -B 172.16.1.255 \* 2>/dev/null | grep 00 | grep -v 0.0.0.0 | cut -d" " -f 1 | sort | xargs -l1 killslowpokes nmblookup -A 2>/dev/null | fgrep -v GROUP | fgrep 00
# kills laggers: '-l1 killslowpokes' (is optional, needs killslowpokes script)
nmblookup -A is sometimes quick, sometimes slow(few seconds) and sometimes
fails after several seconds The killslowpokes is a shell script, meaning
lots of shell-spawns but the improvement from lagging nmblookup's
outweighs it's many shell-spawns
# The kill script brought it from 47s to 18s(last 6s added nothing)
# recursive dl-ing/mirroring:
(cd /downloads/; ncftp -C -r -d 60 'bookmark_name:/*')
wget -P/downloads/ -t inf -c -r 'ftp://name:pass@site/*'
DNS: (host, dig, nslookup)
host 1.2.3.4 or host www.microsoft.com (or ping www.microsoft.com)
dig fbi.gov any any
host [-l] -v -t any example.com (see man named)
nslookup -type=any example.com (see DNS-HOWTO)
dnsquery -t any -v example.com
host -l -v -t any example.com # -l sometimes fails
[nstest?]
Shell Commands:
echo hi there
printf "%-.5d" 5
exec
alias # (sh/csh syntax is different)
umask XYZ # 022=default 077=secure
eg printf "%X\n" 36 printf "%u\n" 0x24
eval `echo ls`
Job Control: jobs fg %1 bg %1 ^Z
csh -l bash --login (login shell)
csh -f bash --norc --noprofile (no rc files)
csh -V (verbose echo-all, even init)
sh -v # echoes commands before executing them (even init)
# blow away environment:
env -i sh env -i csh -f
#!/bin/sh # without this, the shell may just spawn to run the script (difference in $0, speed)
shell glob expansion:
ls {a,b}[0-9]* # any file starting with: a0 a1 .. a9 b0 .. b9
# like this regex(re): \(a\|b\)[0-9].*
# like this eregex(ere): (a|b)[0-9].*
test -r|-w|-x && echo yep # some file tests (-e is not in older-test versions)
test a = a -a a != b && echo yep # some string tests
X:
xlsclients # eg for detecting remote xkeys connected to your display
[xlswins]
xwininfo -root -tree | fgrep -v '()'
xwininfo -id $WINDOWID (only in CDE?)
xsetroot -solid "midnight blue" (showrgb)
xv -root pic.gif -max -quit
startx -- :1 Starts X using display 1 (rather than 0)
xprop Window/X-environment Info (Allows user to click on desired window)
xprop -root -spy CUT_BUFFER0 Spies on their clipboard
xprop -name mywin Tells info on window named mywin
xkill -id num Kills Window with Id num, use xlswins/xprop to get the id
xkill Kills the next window clicked on AND IT'S CREATOR
xkill -frame Kills the WINDOW MANAGER (boots them off) next time they click
xkill -root -frame Kills the WINDOW MANAGER (boots them off)
xmodmap Changes the key's meanings
xmodmap -e "POINTER= 4 5 6" Disables Mouse Buttons
xset m 0 0 Disables Mouse Movement
xset s 1 Screen Blanker to 1 second
xset Shows xset control flags
xdpyinfo # screen/server info
xkbprint xkbcomp setxkbmap # keymap management
xev(prints all xevents for a window) [xkbevd(does actions on xevents)]
xclipboard(monitors clipboard, lets you save different clipboards -- crappy?)
[xselection PRIMARY]
xlsfonts xlsatoms # odd x-info commands
appres editres listres xrdb .Xresources .Xdefaults # for old X-resource widget/classes config
[lbxproxy # low bandwidth x proxy]
xauth merge ~fool/.Xauthority # merges in fool's public-readable .Xauthority (you get access to their display)
xauth list
xauth add dpyname protoname hexkey
ie xauth add app_server_ip:0 MIT-MAGIC-COOKIE-1 deadbeef
# sort of locks the screen:
xset m 0 0 && xclock -bg black -fg black -display 0:0 -g 10000x10000+0+-50
Misc:
man [-f|-k|[-s] section] command ("man" or "man man" displays options)
info Emacs Info, similar to man
newgrp(sets currently used group)
[dialog (linux, a wonderful text-interface util -- msg/menu/file/input/checkmark/radio box)]
getconf [path] # ARG_MAX LINE_MAX _POSIX_VERSION
stty [+|-] stty -a (list current) # Set tty settings
stty erase "^?" # <--help|-grammar|-pke>
stty erase "^H" kill "^U" intr "^C" eof "^D" susp "^Z" dsusp "^Y" #werase "^W"
^8 = ^? ^h sometimes equals backspace (^? is the new backspace keystroke, so ^h can be help)
echo -n Password:;stty -echo;read line;stty echo;echo (line=$< in csh)
kbdrate -r 30 -d 250 # set linux keyboard repeat
#stty modes: (see 'stty --help' and 'man stty')
# -icanon|cbreak: getchar() returns after 1 keypress, not line based
# ('stty icanon|-cbreak' undoes it)
# raw: same as -icanon -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl -ixon -ixoff -iuclc -ixany -imaxbel -opost -isig -xcase min 1 time 0
# -echo: no input chars echoed
# stty sane reset # reset term io flags
# When CBREAK is on, input from a read will be immediately available to
# the program, when off the input will be buffered until newline occurs.
# RAW is the same as CBREAK, except that in RAW mode no special character
# processing will be done.
clear
tset # odd terminal initialization command, allows figuring out where you're from(tty), mapping that to certain TERM values (bsd-origin)
true false yes
logger "Log Message" # syslog from the cmd line
expr # eval simple math eg expr \( 1 + 3 \) / 2 \* 3
bc (Bison Calc, scale=8, ibase=?, obase=?)
dc (RPN Desktop Calc)
[cvtbase ]
[sc == console spreadsheet calculator]
ispell [-a] # console spell checker (eg echo ticckle | ispell -a)
regcmp # gen c-code(array of numbers) for compiled regex (faster runtime)
date # prints date
date -s hh:mm:ss # set time
clock -w # write time out to CMOS clock
clock -s # set time from CMOS clock (happens on bootup)
clock -a # set time from CMOS clock, adjusting by offset set in /etc/adjtime (see man clock)
ntpdate # sets time from a ntp server (simple, quick way to synchronize)
ntpdate time.chu.nrc.ca (NRC in Ottawa) #time-A.timefreq.bldrdoc.gov (Boulder, CO)
ntpd #periodically syncs time between computers(eg client-server ntp, it has many options)
#NTP Servers: http://www.eecis.udel.edu/~mills/ntp/servers.htm
# (see Clock Linux-mini-hwto)
nice -n delta command... (prio -20high to 20low, 0default)
renice
renice -u
nohup [args] & # continues after logout (ignores hup signal, sends stdout,stderr to nohup.out)
crontab <-l|-e> (/var/spool/cron/crontabs/*) (man crontab)
# MIN(0-59) HOUR(0-23/interval) DAY(1-31,mon-wed) MONTH(1-12) DAYOFWEEK(0-6,0=Sunday) COMMAND
eg 55 14-18/2 25,26 12 * exec /usr/X11R6/bin/xeyes -display :0 &
(note PATH and DISPLAY may not be properly set)
("exec blah" names process name from "sh -c blah" to "blah")
at [-f script] TIME
atq(list at-jobs) atrm(rm at-jobs) batch(when low load <.8) (run every 5min by cron)
TIME: now noon midnight HH:MM HH DD.MM.YY month-name day [year] [+ count ]
10am Jul 31 14:32 + 13.05.02
at 4am + 3 days < # remove IPC object from kernel
# ps to pdf:
C:\aladdin\gs6.01\bin\gswin32c -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=C:\output.pdf -f C:\input.ps
---
#From LDP:lpg (has nice simple examples of each)
# simple kernel structures for ipc; identified by a system-wide id (you'll likely generate it from a file_inode&devnum + user_specified_char)
# Message Queues: an internal linked list within the kernel's addressing space (msgget,msgsnd,msgrcv)
# Semaphores: counters used to control access to shared resources by multiple processes(locking mechanism) (semget,semop)
# Shared Mem: the mapping of an area (segment) of memory to more than one process (shmget,shmat,shmdt)
# by far the fastest form of IPC, because there is no intermediation (i.e. a pipe, a message queue, etc)
The "swiss army knife" ioctl (input/output control):
(You more often need ioctl for special files than for regular files)
ioctl(unsigned int fd, unsigned int request, unsigned long argument)
Special files are mainly found in /dev and /proc. They differ from
regular files in that way that they hide an interface to a driver and
not to a real (regular) file that contains text or binary data.
FIONREAD ioctl number of characters waiting to be read, but only works
on terminals, pipes and sockets
The O_NONBLOCK flag can be used in an open/fcntl call to disable the
default blocking action
Standard Etc Files: (etc=Edittable Text Configuration)
/etc/inittab /etc/rc.d/* (rc.local, rc.S) /etc/fstab /etc/syslog.conf
/etc/issue(on login, before prompt, welcome/sysinfo) /etc/motd(before login, problems/warnings)
/etc/resolv.conf /etc/hosts /etc/services /etc/inetd.conf /etc/protocols
/etc/passwd /etc/groups /etc/shadow /etc/gshadow /etc/skel/* /etc/suauth
/etc/securetty (ttys where root is allowed) /etc/ftpusers (allowed to ftp)
/etc/hosts.equiv /etc/hosts.allow /etc/hosts.deny
eg
/etc/hosts.allow ALL:127.
/etc/hosts.deny ALL:ALL
/etc/shells (trusted shells you can chsh to)
/etc/named.conf /etc/nsswitch.conf /etc/host.conf /var/named/*
/etc/smb.conf /etc/printcap /etc/termcap
/etc/magic (file format info for 'file ') /etc[/X11]/XF86Config /etc/lilo.conf
/etc/profile /etc/csh.login /etc/csh.cshrc
/etc/printcap /etc/termcap (man termcap|curs_termcap|terminfo)
/etc/mtab (mounted filesystems, 'mount')
/etc/sysconfig/network (SR5,RH)
Useful Linux Dirs:
/usr/doc/HOWTO
/usr/src/linux /usr/include
Weird Locations: /usr/X11R6/lib/X11/xinit/ /var/X11R6/ /usr/lib/lynx /var/lib/apache
/usr/local/lib/amiwm/system.amiwmrc
/usr/X11R6/lib/X11/rgb.txt
Linux System Structure:
/bin, /sbin, /lib: core
/usr/bin, /usr/sbin, /usr/lib: system installed (ie rpm/etc)
/usr/local/bin, /usr/local/sbin, /usr/local/lib, /usr/local/games: local machine programs, user installed?
/var/lib/rpm/fileindex.rpm(RH) /var/lib/rpm/packages.rpm(RH) /var/log/packages/* (slack)
Security Attacked Files:
/etc/passwd /etc/exports /etc/hosts.* /etc/inetd.conf /etc/hosts /etc/group /etc/shadow /etc/lilo.conf /etc/securetty(ttys ttytab) /etc/ftpusers /etc/suauth
/etc/rc* /usr/lib/X11/xdm/Xsession(xhost +) /etc/profile /etc/csh.cshrc /usr/lib/cron/crontabs
/var/log/messages /var/log/xferlog /var/log/[wu]tmp [/var/log/syslog /var/log/debug]
/usr/adm/sulog /usr/adm/loginlog /usr/adm/errlog /usr/adm/culog /usr/mail/
~/.rhosts ~/.plan ~/.profile ~/.*rc
Security Attacked Uids:
root uucp ftp daemon bin sys adm admin sync nuucp demo umountfsys test tmproot reboot install
user anon guest games
rwho finger who
common admin email accounts:
ROOT
ADMINISTRATOR
POSTMASTER
WEBMASTER
DirNames:
.xx .mail ... ".. " ..^G" "-i"
XF86 Req'd Files:
xsvga.tgz xbin.tgz xcfg.tgz xfnts.tgz xlib.tgz [xset.tgz xvg16.tgz]
Common Overuse Hacks:
Fork-Bomb (sh $0 & sh $0 &)
Eat-Mem (while(1){malloc(1024);})
East-Disk (while :;do;mkdir x;cd x;done)
Classic fake-login Hack: simulates login screen, records passwords
chown: Note that anyone can chown/chgrp their files to "frame" another user.
Suid-bit: when set on an exe, anyone who runs it gets the owner's privileges
Standard Man Pages: (text w/optional troff cmds)
NAME (1 line)
SYNOPSIS (args, howto use)
DESCRIPTION
OPTIONS (descriptions)
EXAMPLES
SEE ALSO
FILES
BUGS
AUTHOR
---
POSIX:
(See unixapi_notes.html)
#'man standards': (SunOS 5.7)
IEEE Std 1003.1 and IEEE Std 1003.2, commonly known as POSIX.1 and POSIX.2.
POSIX Standard Description Release
POSIX.1-1988 system interfaces and headers SunOS 4.1
POSIX.1-1990 POSIX.1-1988 update Solaris 2.0
POSIX.1b-1993 realtime extensions Solaris 2.4
POSIX.1c-1996 threads extensions Solaris 2.6
POSIX.2-1992 shell and utilities Solaris 2.5
POSIX.2a-1992 interactive shell and utilities Solaris 2.5
POSIX Standard Feature Test Macros
POSIX.1-1990 _POSIX_SOURCE
POSIX.1-1990 and _POSIX_SOURCE and
POSIX.2-1992 C-Language _POSIX_C_SOURCE=2
Bindings Option
POSIX.1b-1993 _POSIX_C_SOURCE=199309L
POSIX.1c-1996 _POSIX_C_SOURCE=199506L
(1003.1b used to be 4?)
(5,9: Ada, Fortran versions of 1)
Solaris releases 2.0 through 7 also support the interfaces specified by
the System V Interface Definition, Third Edition, Volumes 1 through 4
(SVID3). Note, however, that since the developers of this specification
(UNIX Systems Laboratories) are no longer in business and since this
specification defers to POSIX and X/Open CAE specifications, there is
some disagreement about what is currently required for conformance to
this specification.
--
NLS: Native Language Support
I18N: Internationalization (English>ForeignLang, gettext)
L10N: Localization (eg CurrencySymbols,NumberFormats,Metric/Other,DateFormats)
International Date Format (ISO 8601:1988): CCYY-MM-DD
International Time Format (ISO 8601:1988): 24 hour (00:00-23:00)
(1999-01-15T24:00 is the same instant as 1999-01-16T00:00)
Ambiguous US Date Format: MM/DD/[CC]YY
eg 05/06/96 May6 or June5??
Ambiguous US Time Format: HH:MM(pm|am)
eg 12:00 a.m. Is that midnight or midday??
Meaningful Word Date: October 7th 1996
---
DNS notes
Addtional Info if for fields you think they'll ask for next.
eg provide IPs(A) with NS query
CNAME cannot have other RRs with it (MX/NS)
keep in-addr.arpa PTRs correct
---
Some Useful Linux Logs:
/var/log/: messages xferlog lastlog(lastlog) wtmp(last -15) utmp(who)
Rename X-term Title Bars: (or Iconic labels=1, 0=Both)
echo "ESC]0;TEXT^G"
xc/doc/specs/xterm/ctlseqs.ms
Setting rxvt|xterm|XTerm ~/.Xdefaults:
emacs*font: -misc-fixed-*-*-*-*-20-*-*-*-*-*-*-*
rxvt*font: -*-*-*-*-*-*-20-*-*-*-*-*-*-*
#rxvt*font: linux8x16
#rxvt*geometry: 156x62+0+0
rxvt*saveLines: 1500
rxvt*background: black
rxvt*foreground: white
rxvt*scrollBar: true
rxvt*reverseWrap: true
rxvt*titleBar: false
rxvt*VT100.Translations: #override\n\
Prior : scroll-back(1,page)\n\
Next : scroll-forw(1,page)
alt-right-click/right-click-titlebar(fvwm) or alt-mid-click(kde):
raise/lower window (cycle thru windows) (kde alt-tab is cooler)
How to set up a web-server: http://hoohoo.ncsa.uiuc.edu/docs/setup/OneStep.html
(SunOS 5=Solaris 2, name switch to Solaris)
"In my experience, perhaps 25% of applications build "right out of the
box". Another 50% or so can be "persuaded" to build with an effort
ranging from trivial to herculean. That still means a significant
number of packages will not build no matter what."
(YES, I'm not the only one!)
"Use sh for anything that could fit in a make file
Use perl for anything else"
#pragma ... # arbitrary implementation defined behavior (esp compiler/assembler)
http://bat710.univ-lyon1.fr/~ascil/cpp/cpp_37.html#IDX84 "#unassert predicate"
# gnu assertions, predicates(system, cpu, machine)
Note: you can open an exe and run any func/expr you want in it using gdb (brings new meaning to "c-shell")
Pine setup:
inbox-path: {pop.server} {pop.server}INBOX
nntp-server: news.server *{news.server/nntp}[]
# View first, then run history match: (silly but useful trick)
echo !g
!g
# !$=last arg of last cmd
# (!$ !* !^ !:3-5 last all first range)
vim file.c
chmod u+w !$
gcc !$
# look for something in history: (useful/common trick, works in old shells too)
history|grep find
# tip: use search(Cs /) constantly to move your cursor (in an editor)
===== Examples:
Finds all PATH definitions in people's configs:
grep -n PATH ~/../*/.* 2>/dev/null
mv *.htm *.html:
/bin/ls -d *.htm | sed -e 's/*/mv & &/;s/htm$/html/' | sh
Prints c funcs/classes/typedefs: (note the $1="" trick!)
ctags -twx prog.cc | awk '{$1="";$2="";$3="";print $0}' | cut -b 4-
(ctags isn't perfect misses ...::funcname(...) )
Adds headings to 'ls -l':
(printf "PERM LINKS OWNER GROUP SIZE MONTH DAY HH:MM NAME\n" ; ls -l | sed 1d) | column -t
# Replaces current Xterm, Kills Xterm History:
alias cx 'clear;(dtterm `xwininfo -id $WINDOWID|grep geometry`&);sleep 1;exit'
# Clears screen, kills shell history:
alias c "clear;cd $HOME;exec $SHELL"
Sets up xauth: (in .login)
if ("$XCHOICE" == "mit") then
set HOST = `hostname`
# Bad keys once in a while -- odd number of hex chars? (X fails to start up and hangs, must be remotely kiled)
# set randomkey = `perl -e 'srand; printf int(rand(1000000000000000000))'`
set randomkey = `perl -e 'srand;$_=sprintf("%8X%8X\n",int(rand(4294967295)),int(rand(4294967295)));s/ /0/g;print'`
xauth add $HOST/unix:0 . $randomkey
xauth add $HOST":0" . $randomkey
xinit -- -auth $HOME/.Xauthority
endif
Calculate install space:
find / -mmin -30 -type f | grep -v /proc > newfiles
#find / -mount -exec test {} = /proc -o {} = /home -o {} = /tmp \; -prune -o -mmin -30 -type f -print >newfiles
[remove na files]
cat newfiles | xargs du -k -s | awk '{s+=$1}END{print s}
Full File Dir Structure: (see also tripwire/aide)
ls -laR / | gzip -9 > /mnt/floppy/file-list-`date +'%b %e'`.lst.gz
Find new files since last checkpoint:
Checkpoint: touch .last_checkpoint
List New Files: find . -newer .last_checkpoint
find . -newer .last_checkpoint -type f | tar -cf delta_`date +'%Y-%m-%d_%H-%M'`.tar --files-from=-
find . -newer archive.zip -type f | zip -ru archive.zip -@ # adds/updates an archive
zip -o archive.zip # Sets arc mod-time to newest file it contains (ie you cp/ftp'd the arc and lost it's real mod-time)
# Manually do a "diff -qr":
# (eg files are on separate machines, you don't want to copy/tar the files,
# just the files' checksums to check for differences) (eg like tripwire)
#
# Should be(I wish): cksum -r dir1 >1; cksum -r dir2 >2; dirlistcompare 1 2
#
# (Find added/removed/altered from two similar dir-structures)
# First get 2 ' <./path/filename>' listings called 1,2 eg:
cd dir1; find . -type f -print0 | xargs -0 cksum >1
cd dir2; find . -type f -print0 | xargs -0 cksum >2
grep -v -f 2 1 | cut -f 3- -d" " >1-2
grep -v -f 1 2 | cut -f 3- -d" " >2-1
grep -v -f 2-1 1-2 >1only
grep -f 2-1 1-2 >1and2altered
grep -v -f 1-2 2-1 >2only
#
# ssh1 to gpu, cksum my home-page, fix cksum output:
ssh1 -l cyallop gpu.srv.ualberta.ca "cd public_html;find . -type f | sed s/\'/\\\\\\\\\\'/ | xargs -i'{}' cksum '{}'" | sed -e 's/ *\([0-9]\+\) \+\([0-9]\+\)/\1 \2/' >2
#
# Perl version: (original)
perl <1 -e '$a=`cat 2`;while($_=<>){$q=quotemeta;if($a!~/$q/){s/\S+\s+\S+\s+//;print}}' >1-2
perl <2 -e '$a=`cat 1`;while($_=<>){$q=quotemeta;if($a!~/$q/){s/\S+\s+\S+\s+//;print}}' >2-1
perl <1-2 -e '$a=`cat 2-1`;while($_=<>){$q=quotemeta;if($a!~/$q/){print}}' >1only
perl <1-2 -e '$a=`cat 2-1`;while($_=<>){$q=quotemeta;if($a=~/$q/){print}}' >1and2altered
perl <2-1 -e '$a=`cat 1-2`;while($_=<>){$q=quotemeta;if($a!~/$q/){print}}' >2only
Common lines between two files: (1 and 2)
perl <1 -e '$a=`cat 2`;while($_=<>){$q="^".quotemeta($_)."\$";if($a=~/$q/){print}}'
or: xargs <1 -i"{}" egrep '^{}$' 2
All lines in 1 that aren't in 2: (1 MINUS 2, each line is an entry)
perl <1 -e '$a=`cat 2`;while($_=<>){$q="^".quotemeta($_)."\$";if($a!~/$q/){print}}'
or: diff common_lines_ordered_by_1 1 | grep ">" | cut -b 3-
---
# mirror your shell to someone:
echo "tty>2;echo This is from Curtis;echo \(Control-D Closes it\);echo;cat;echo They Exited>"`tty` >1; chmod u+x 1
xterm -display someone:0 -geometry "150x50" -e 1 & sleep 1; script `cat 2`
# talk:
# (^C only kills yours, "jobs/kill")
echo "tty>2;talk $LOGNAME `who -m | awk '{print $2}'`" >1;chmod u+x 1; xterm -geometry "170x50" -e 1 -display someone:0 & sleep 1; talk $LOGNAME `cat 2`
# addition to kill theirs too:
echo $!>pid
trap 'kill -9 `cat pid`' 2
# redirect your window/display:
sleep 1; xwd [-root] |xwud -display someone:0
# ask a question:
xmessage -center -buttons "ok,busy" -timeout 5 "Can I talk to you? -- Curtis" -print
# show what's on their screen:
xlsclients -display someone:0
---
Changing Gif Transparency in Unix:
giftopnm image.gif | ppmtogif -trans #BFBFBF > image-trans.gif
silly hard-to-remove file: ^Sshecho >'-i 'clear;exit^Q
rm -- '-i '
rm -i * # may not work
find . -name '*foo*' -print0 | perl -n0e unlink
# Silly alteration of what appears on the ps/w/who list:
ln -s /usr/bin/sleep hacking_into_the_system;(sleep 1;rm hacking_into_the_system)&./hacking_into_the_system 99999
# 9:06pm up 3 days, 11:09, 4 users, load average: 0.24, 0.05, 0.02
#root pts/2 - 9:04pm 2:07 0.06s 0.01s ./hacking_into_the_system 99999
#bash-2.03# ls -l /proc/4908/
#lrwx------ 1 root root 0 Mar 29 21:08 exe -> /usr/bin/sleep*
Misc:
pwd | awk -F"/" '{print $NF}' # Prints all after last '/'
pwd | cut -d"/" -f 1 # Prints all before first '/'
basename `pwd`
dirname `pwd`
Count Max Fields:
awk '{print NF}' | uniq
grep . # del all blank lines (same as "awk 'NF>0'" and "sed -n '/./p'")
cat -s # squeeze multiple blanks lines into 1 blank line
sed 1d # cuts first line
sed '$d' # cuts last line
sed '/start/,/finish/d' # cuts from /start/ to /finish/
sed -n '/start/,/finish/p' # shows only from /start/ to /finish/
awk '/start/,/finish/{print}' # shows only from /start/ to /finish/
sed -n 'N;P' # every 2nd line, odd lines
sed -n 'n;P' # even lines
sed -e "/test/s/$/ action1/" # if /test/ is found, append action1 to EOL
sed -e "/test/!s/$/ action2/" # if /test/ not found, append action2
sed -e 's/[^"]*\("[^"]*"\)[^"]*/\1/g' # CRLF
sed 's/^M$//' # CRLF > LF
#switch first and last field: (comma delim)
sed -e 's/^\([^,]*\)\(.*,\)\([^,]*\)$/\3\2\1/'
# print top executing processes: ('n 1' or '-d1' or 'man top' for 1 iteration)
top n 1 | sed -n '/PID/!b;n;N;p' # top 2 processes w/o heading
top n 1 | sed -n '/PID/!b;N;N;N;p' # top 3 processes w/heading
# Identical: (Print only the line matching /^Subject: */)
# 'd' ends the cycle unlike most other commands
# 'b' without a label ends the cycle and acts like the 3rd version
sed -n '/^Subject: */p'
sed -e '/^Subject: */!d'
sed -n '/^Subject: */!b;p'
sed -n '/^Subject: */!ba;p;:a'
# Adds a '<' to the end of each line:
# (shows how to load the entire file into the hold-buffer)
# (note the '$!b' which says if not final line, branch to end)
# (the hold buffer may overflow??)
# (the hold buffer seems to contain a blank line on startup, so I clear it on line 1)
sed -n '1h;1!H;$!b;g;s/\n/<&/g;s/$/;p'
# notes on sed syntax peculiarities:
'{ cmds }' MUST have newline after each cmd
a,i: end on blank line?
/bin/ls -1 | tr '\n' ' '
echo * | tr -s ' ' '\n'
awk '{s+=$1}END{print s}' # (sum a column) awk -v sum=0 '{sum+=$1}END{print sum}'
# example script: (emulates xargs, processes each line in stdin--find-output)
find dir -type f |
while read file
do grep -q 'abc' $file
if [ $? -eq 0 ]; then echo "$file"; fi
done
# example script: (mv *.abc *.cba, see the sed version of this for a shorter way)
for file in *.abc
do mv $file `basename $file abc`cba
done
# sed version of mv *.abc *.cba:
/bin/ls *.abc | sed 's/.*/mv & &/;s/abc$/cba/' | sh -v
parse passwd:
awk -F: '{print $1, $5}' /etc/passwd
cat /etc/passwd | grep jdoe | awk -v FS=: '{print $1 " " $3}'
bash+bc+printf ex:
while read right wrong ; do
percent=$(echo "scale=1;($right*100)/($right+$wrong)" | bc)
printf "%2d right\t%2d wrong\t(%s%%)\n" \
$right $wrong $percent
done < database_file
Filters Gprof: (into parent,child entries eg for making a call graph)
gprof -b -C -F main | awk '/propagated/,/accumulated/' | egrep "(-|\[)" | perl -e '$_=join("",<>);while(/^\[.*?([a-zA-Z_\(\)]+) \[\d+\]$/gm){$f=$1;($t=$'"'"')=~/-----/;$a=$`;while($a=~/([a-zA-Z_\(\)]+) \[\d+\]$/gm){print "$f,$1\n";}}'
Finds undefined symbols in a.out not in libc: (eg libc.so is incompatible?) (assumes gnu nm output)
ldd a.out
libc.so.1 => /usr/lib/libc.so.1
#ldd is the same as: /lib/ld-linux.so.2 --list /bin/ls
nm -Cu a.out | cut -b -60 | cut -b 12- >aout.nm # cut too-long lines, show only symbol-name (after 12th char)
nm -Cu /lib/libc.so | cut -b 12- >libc.nm # show only symbol-name (after 12th char)
cat aout.nm | xargs -i{} egrep '^{}$' libc.nm >defined_in_libc.common
diff aout.nm defined_in_libc.common >undef.diff
# Shows "size $LIB" and the library's size-sum: (Assumes 4th column of size output is size-value)
size $LIB | awk '{s+=$4;print}END{print "\nTotal: (size-sum)\n"s"\n"}'
Decomment code for a lines-of-code count:
cat *.cpp | perl -e '$_=join("",<>);s#/\*.*?\*/##sg;s#//.*$##mg;print' | awk 'NF>0' | wc -l
# Follows include-tree:
g++ -E -H 2>&1 >/dev/null file.c [| fgrep -v -e /syslibdir1 -e /syslibdir2]
# Does 'g++ -E' on a system include:
echo "#include